d129b218c976efed61c74f3a971f114486129713cfbfed50fa6c24888b5db3d8

Analysis

max time kernel
152s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

198d7ef0ce493bb7291bcb66b47a898d.exe
Size

72KB
MD5

198d7ef0ce493bb7291bcb66b47a898d
SHA1

b9f415b7e25188f5cf73c890c8b76142103803b9
SHA256

d129b218c976efed61c74f3a971f114486129713cfbfed50fa6c24888b5db3d8
SHA512

3d413c6f024267c3031ef4c5a7a4f43a011a795b80fd79b407ccca95c5e495a7bd52bbd502f06ba44edf065ea863614ad9819dbeb61a2f50305ad499743e3c59
SSDEEP

1536:SbncStgEBA76pCnYabUcdYkJuLqohG0qKo3vGPscA:Sbn27A+dxYLqmGHKo3vGPi

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Project1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\198d7ef0ce493bb7291bcb66b47a898d.exe"	198d7ef0ce493bb7291bcb66b47a898d.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\45	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\47	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\86	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\12	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\90	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\94	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\98	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\51	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\48	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\61	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\34	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\4	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\71	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\92	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\check.dll	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\70	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\72	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\97	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\46	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\58	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\67	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\31	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\14	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\35	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\36	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\68	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\5	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\18	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\25	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\78	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\81	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\89	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\15	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\59	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\10	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\24	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\22	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\50	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\16	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\38	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\62	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\74	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\13	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\55	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\73	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\75	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\84	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\2	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\77	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\82	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\29	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\93	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\37	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\26	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\60	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\69	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\85	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\87	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\8	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\64	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\53	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\56	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\57	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\63	198d7ef0ce493bb7291bcb66b47a898d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3712	198d7ef0ce493bb7291bcb66b47a898d.exe

C:\Users\Admin\AppData\Local\Temp\198d7ef0ce493bb7291bcb66b47a898d.exe
"C:\Users\Admin\AppData\Local\Temp\198d7ef0ce493bb7291bcb66b47a898d.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:3712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\5

Filesize
19KB

MD5
ca344c13d1ff2f87a18a02a70ebf6099

SHA1
f10e334553b36d563a70867723b0afae5eb40368

SHA256
c0abc75a08599f4e8dbd4a98040e2aefd84296b3b3fdaa50fad0da07a4abdd1f

SHA512
ca4e9025ce9ff35e6efb486f3e4fa731fef40b65122e62f4c6298740e1392b4b8088bd4a13c6db943e5da93b6520f86be415ae0baa86b8be65ffc2d6fab733b0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads